Rajnish Ghaly

Security Blogger

30th May 2022

Big business for cyber criminals

Ransomware is a lucrative attack vector for cybercriminals that continues to rank amongst the most common cyberattacks in 2022. It’s a debilitating attack, with an average downtime of 21 days, that can have financial and reputational repercussions for an organization.

Cybercriminals have typically leveraged ransomware to target high-profile organizations, large corporations and government agencies, in what is called ‘big game hunting’, on the premise that these companies are far more likely to pay higher ransoms and avoid unwanted media and public scrutiny. However, ransomware groups are now beginning to shift their focus to smaller businesses to adapt to the heightened pressure from law enforcement, who are cracking down on well-known ransomware groups such as REvil and Conti.

With ransomware groups constantly scanning for vulnerabilities across businesses of all sizes, businesses must develop robust strategies to prevent ransomware threats. This blog will explain how ransomware works, how effective it is, and how your business can prevent ransomware attacks from occurring.

What is ransomware?

Ransomware is a type of malware that cybercriminals leverage to prevent users from accessing their systems or files, threatening to withhold, destroy or leak sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto ransomware). In both instances, once a ransom is paid, threat actors will provide victims with a decryption key or tool to unlock their data or device.

There are three core elements to a ransomware attack:

  1. Access: Threat actors need to initially gain access to an organization’s systems to deploy malware that will encrypt files and allow the threat actors to establish control of the data.
  2. Trigger: Once the malicious software is activated, the data is effectively in the control of the attackers. The data is encrypted and no longer accessible by anyone in the organization.
  3. Demand: The victims will receive an alert that their data is encrypted and cannot be accessed until a ransom is paid.

The motives of cybercriminals deploying malware vary, albeit with a similar end goal – financial gain. Threat actors are opportunists and will consider organizations, big or small, as viable targets. Larger organizations such as hospitals are higher-value targets, as they are far more likely to pay a ransom quickly due to the urgency to decrypt public data as soon as possible. Conversely, smaller companies are seen as easy targets that may lack effective cybersecurity defenses to prevent a ransomware attack, and are therefore easier to penetrate and exploit.

The average payout from ransomware attacks has risen from $312,000 in 2020 to $570,000 in 2021. Reports also show that 66% of organizations were victims of ransomware attacks in 2021 compared to 37% in 2020, highlighting the need to implement stronger defenses to combat the threats.

There is no guarantee that threat actors will release data once a ransom is paid, therefore it is crucial to protect your data and keep offline backups of your files, first and foremost. It’s also important to proactively monitor and protect entry points that a hacker may exploit to deploy ransomware attacks.

How is ransomware deployed?

The most common delivery method of ransomware is via phishing attacks. Social engineering methods like phishing are effective because threat actors trick employees into opening suspicious attachments in emails. This is often achieved by imitating senior level employees or trusted authority figures.

Malvertising (malicious advertising) is another tactic used by cybercriminals to deploy ransomware, whereby ad space is purchased and infected with malware that is then displayed on trusted and legitimate websites. Once the ad is clicked, or a website hosting malware is accessed, your device is infected by malware that scans your device for vulnerabilities to exploit.

Ransomware can also be deployed by exploiting unpatched and outdated systems, as was the case in 2017, when a security vulnerability in Microsoft Windows, EternalBlue (MS17-010), led to the global WannaCry ransomware attack that spread to over 150 countries. It was the biggest cyberattack to hit the NHS: it set the health service back £92m in damages, had a direct impact on patient care due to cancelled appointments, and affected the NHS financially as additional costs were directed to IT support to restore data and systems affected by the attack.

With various ways for cybercriminals to exploit businesses with ransomware, what can be done to mitigate the effectiveness of their attacks?

Four key methods to defend your business against ransomware

It is pivotal that businesses are aware of the effects of a ransomware attack and what can be done to prevent threat actors from breaching their systems and holding valuable data to ransom. Up to 61% of organizations with security teams consisting of 11–25 employees are said to be most concerned about ransomware attacks.

The WannaCry attack in 2017 demonstrates how the NHS could have prevented the ransomware attack by simply complying with warnings of potential cyberattacks targeting the NHS and migrating away from outdated software, ensuring strategies were in place to strengthen their security posture.

It’s essential for your business to take a proactive approach to cybersecurity and implement the correct tools to help monitor, detect, and mitigate suspicious activity across your network and infrastructure, so that breaches and the effects of ransomware attacks can be limited.

Here are four core strategies to help prevent ransomware attacks and stay one step ahead of the hackers:

  1. Training

    Cybersecurity awareness training is pivotal for businesses of all sizes as it helps to secure your employees and reinforces the initial point of entry for hackers. Social engineering tactics, such as phishing and tailgating, are common and successful due to human error and employees not spotting the risks. That’s why it’s vital for employees to be vigilant around emails that contain suspicious links or contain an unusual request to share personal data from someone pretending to be a senior-level employee. Security training will also encourage employees to have the foresight to query visitors to your offices to prevent ransomware attacks via physical intrusion.

    Implementing cybersecurity awareness training will help your business routinely educate and assess your employees on fundamental security practices, ultimately creating a security culture to reduce the risk of data breaches and security incidents.

  2. Phishing simulators

    It’s key to spot the bait before malicious software can infiltrate your systems. To support your security awareness training, the use of phishing simulator tools can deliver fake, yet realistic phishing emails to employees to help you understand how susceptible your staff are to falling for a cybercriminal’s tactics, allowing you to plug any gaps in their security training.

    By combining phishing simulators with security training, your business has a greater chance to avoid falling victim to ransomware attacks, as you will be in a better position to prevent the cunning attempts of cybercriminals to infiltrate your IT systems to plant malware.

  3. Threat monitoring

    Active threat monitoring will help to make your business a tougher target for cybercriminals. Being proactive ensures you stay one step ahead of hackers and by introducing threat monitoring tools to your business, you ensure any suspicious behavior is detected early for remediation.

    Threat intelligence is a powerful tool to defend against potential malware and ransomware attacks, as it collates data from various sources such as penetration tests and vulnerability scans. This will give you an overview of your threat landscape and areas most at risk of a cyberattack or a data breach.

  4. Endpoint protection

    Endpoint protection is a key tool for understanding which of your assets are vulnerable and for helping to repel malware attacks like ransomware. Endpoint protection goes beyond the traditional anti-virus software by offering advanced security features that protect your network and the devices within it, such as laptops, desktops, smartphones and tablets, against threats including malware and phishing campaigns.

    To effectively combat ransomware attacks, endpoint protection should have anti-ransomware capabilities to detect suspicious behavior that may be caused by file changes and unauthorized file encryption. The ability to isolate or quarantine any affected devices can also be a very useful feature for stopping the spread of malware.
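
The kind of behavioral check described under endpoint protection, sketched as an added example (not code from this post or from any vendor's product): it flags a host when many distinct files are rewritten with ciphertext-like (high-entropy) content in a short time. The event format, host names, thresholds and sample data are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted/compressed data, ~4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_hosts(events, window=60, min_files=20, threshold=7.5):
    """events: iterable of (epoch_seconds, host, path, sample_of_bytes_written).
    Returns hosts that rewrote >= min_files distinct files with
    high-entropy content inside any `window`-second span."""
    recent = defaultdict(deque)  # host -> (ts, path) of high-entropy writes
    flagged = set()
    for ts, host, path, sample in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(sample) < threshold:
            continue  # ordinary text/office content, ignore
        q = recent[host]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop writes that fell out of the window
        if len({p for _, p in q}) >= min_files:
            flagged.add(host)
    return flagged

def _pseudo_random(seed: bytes, size=4096) -> bytes:
    """Deterministic stand-in for ciphertext (constructed test data)."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))

def sample_events():
    """Constructed events, not real telemetry."""
    text = b"Quarterly report: revenue, costs and headcount by region.\n" * 70
    # ws-01: ordinary document edits (low entropy)
    events = [(1000 + 30 * i, "ws-01", f"/docs/r{i}.txt", text) for i in range(25)]
    # ws-02: a few archives (high entropy, but low volume)
    events += [(1000 + 5 * i, "ws-02", f"/tmp/a{i}.zip", _pseudo_random(b"z%d" % i)) for i in range(3)]
    # ws-03: 40 files rewritten with ciphertext-like content in 40 seconds
    events += [(1000 + i, "ws-03", f"/share/f{i}.docx", _pseudo_random(b"c%d" % i)) for i in range(40)]
    return events

if __name__ == "__main__":
    print(sorted(flag_hosts(sample_events())))
```

Entropy alone would also flag ws-02's archives, which is why the check requires volume within a time window; a host flagged this way is a candidate for the isolation or quarantine step mentioned above.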

Summary

Ransomware attacks are frequent and show no signs of subsiding, with ransomware groups continually looking for vulnerabilities to exploit. It’s important your business understands how ransomware attacks are deployed and what can be done internally to strengthen your cyber defenses.

Ensure your staff undergo regular security awareness training, that threat monitoring tools are working around the clock to detect and alert you of vulnerabilities that pose a risk to your business, and that endpoint protection is protecting your devices across your network. By following the above guidelines, you will improve your chances of safeguarding your business against ransomware attacks that could cost your organization a substantial amount of money and/or reputational damage.